Law-aware access control for international financial environments

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Law-aware access control for international financial environments

Full text

Pdf (876 KB)

Source

International Workshop on Data Engineering for Wireless and Mobile Access archive
Proceedings of the Eighth ACM International Workshop on Data Engineering for Wireless and Mobile Access table of contents

Providence, Rhode Island

SESSION: Context/location-based data access table of contents

Pages 33-40

Year of Publication: 2009

ISBN:978-1-60558-712-7

Authors

Michael Stieghahn	University of Luxembourg, Luxembourg
Thomas Engel	University of Luxembourg, Luxembourg

Sponsor

SIGMOD: ACM Special Interest Group on Management of Data

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 8, Downloads (12 Months): 23, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1594139.1594151 What is a DOI?

ABSTRACT

Financial institutions are restricted by legislation and have to ensure that mobile access to data is legal in a defined context. However, today's access control solutions work but cannot decide whether an access is legal. Especially when an access from different countries is required different legislations have to be taken into account. In this paper, we address the problem of a law-compliant access in international financial environments. We present an extension to context-aware access control systems so that they incorporate legal constraints. To this end, we introduce different facets of context information, their interrelations, and describe their necessity for a law-aware access control. Finally, by using an international banking application scenario, we demonstrate how a system that follows our approach can decide about access.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Gail-Joon Ahn , Ravi Sandhu, Role-based authorization constraints specification, ACM Transactions on Information and System Security (TISSEC), v.3 n.4, p.207-226, Nov. 2000 [doi>10.1145/382912.382913]
	2	Vijayalakshmi Atluri , Janice Warner, Supporting conditional delegation in secure workflow management systems, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden [doi>10.1145/1063979.1063990]
	3	Elisa Bertino , Claudio Bettini , Elena Ferrari , Pierangela Samarati, A Temporal Access Control Mechanism for Database Systems, IEEE Transactions on Knowledge and Data Engineering, v.8 n.1, p.67-80, February 1996 [doi>10.1109/69.485637]
	4	Elisa Bertino , Claudio Bettini , Pierangela Samarati, A temporal authorization model, Proceedings of the 2nd ACM Conference on Computer and communications security, p.126-135, November 1994, Fairfax, Virginia, United States [doi>10.1145/191177.191202]
	5	S. M. Chandran and J. B. D. Joshi. LoT-RBAC: A location and time-based RBAC model. In A. H. H. Ngu, M. Kitsuregawa, E. J. Neuhold, J.-Y. Chung, and Q. Z. Sheng, editors, WISE, volume 3806 of Lecture Notes in Computer Science, pages 361--375. Springer, 2005.
	6	Jason Crampton , Hemanth Khambhammettu, Delegation and satisfiability in workflow systems, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA [doi>10.1145/1377836.1377842]
	7	Maria Luisa Damiani , Elisa Bertino , Barbara Catania , Paolo Perlasca, GEO-RBAC: A spatially aware RBAC, ACM Transactions on Information and System Security (TISSEC), v.10 n.1, p.2-es, February 2007 [doi>10.1145/1210263.1210265]
	8	Dorothy E. Denning, A lattice model of secure information flow, Communications of the ACM, v.19 n.5, p.236-243, May 1976 [doi>10.1145/360051.360056]
	9	A. K. Dey and G. D. Abowd. Towards a better understanding of context and context-awarenesss. In Computer Human Intraction 2000 Workshop on the What, Who, Where, 1999.
	10	D. Ferraiolo and R. Kuhn. Role-based access controls. In 15th NIST-NCSC National Computer Security Conference, pages 554--563, 1992.
	11	Christos K. Georgiadis , Ioannis Mavridis , George Pangalos , Roshan K. Thomas, Flexible team-based access control using contexts, Proceedings of the sixth ACM symposium on Access control models and technologies, p.21-27, May 2001, Chantilly, Virginia, United States [doi>10.1145/373256.373259]
	12	T. Gross and M. Specht. Awareness in context-aware information systems. In H. Oberquelle, R. Oppermann, and J. Krause, editors, Mensch & Computer. Teubner, 2001.
	13	M. Hilty, A. Pretschner, D. Basin, C. Schaefer, and T. Walter. Monitors for Usage Control. In Joint iTrust and PST Conferences on Privacy, Trust Management and Security, volume 238 of IFIP International Federation for Information Processing. Springer-Verlag, 2007.
	14	L. LaPadula, T. Original, D. E. Bell, and L. J. LaPadula. Secure Computer Systems: Mathematical Foundations, 1973.
	15	Gustaf Neumann , Mark Strembeck, A scenario-driven role engineering process for functional RBAC roles, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA [doi>10.1145/507711.507717]
	16	Jaehong Park , Ravi Sandhu, The UCON_ABC usage control model, ACM Transactions on Information and System Security (TISSEC), v.7 n.1, p.128-174, February 2004 [doi>10.1145/984334.984339]
	17	Ravi Sandhu , Fang Chen, The multilevel relational (MLR) data model, ACM Transactions on Information and System Security (TISSEC), v.1 n.1, p.93-132, Nov. 1998 [doi>10.1145/290163.290171]
	18	Ravi Sandhu , David Ferraiolo , Richard Kuhn, The NIST model for role-based access control: towards a unified standard, Proceedings of the fifth ACM workshop on Role-based access control, p.47-63, July 26-28, 2000, Berlin, Germany [doi>10.1145/344287.344301]
	19	B. Schilit , N. Adams , R. Want, Context-Aware Computing Applications, Proceedings of the 1994 First Workshop on Mobile Computing Systems and Applications, p.85-90, December 08-09, 1994 [doi>10.1109/WMCSA.1994.16]
	20	B. Schilit and M. Theimer. Disseminating active map information to mobile hosts. IEEE Network, 8(5):22--32, 1994.
	21	Constantin Serban , Yingying Chen , Wenxuan Zhang , Naftaly Minsky, The concept of decentralized and secure electronic marketplace, Electronic Commerce Research, v.8 n.1-2, p.79-101, June 2008 [doi>10.1007/s10660-008-9014-0]
	22	Mark Strembeck , Gustaf Neumann, An integrated approach to engineer and enforce context constraints in RBAC environments, ACM Transactions on Information and System Security (TISSEC), v.7 n.3, p.392-427, August 2004 [doi>10.1145/1015040.1015043]
	23	Roshan K. Thomas, Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments, Proceedings of the second ACM workshop on Role-based access control, p.13-19, November 06-07, 1997, Fairfax, Virginia, United States [doi>10.1145/266741.266748]
	24	Victoria Ungureanu , Naftaly H. Minsky, Establishing Business Rules for Inter-Enterprise Electronic Commerce, Proceedings of the 14th International Conference on Distributed Computing, p.179-193, October 04-06, 2000